Less than a year from now, the General Data Protection Regulation (GDPR) goes into effect.
This week, New York City-based Evidon launched a beta version of which it says is “the first practical, commercial-grade solution” to collect user permissions in compliance with GDPR.
Called the Universal Consent Platform, it updates the company’s previous Site Notice Platform, which facilitated user consent for the GDPR’s predecessor, the European Union’s ePrivacy Regulation (“Cookie Law”).
Although this new platform is intended for publishers of mobile apps and desktop/mobile web sites, CEO and co-founder Scott Meyer told me that his company is also looking at applying the platform to other devices, such as voice-based agents like Amazon’s Alexa or smart car dashboards.
Under GDPR, companies with EU visitors need to obtain consent for collection and use of their personal data, which includes browsing behavior. Meyer noted that companies doing business in EU countries should take steps to comply because of the possible heavy fines. This includes, he pointed out, US-based brands with a European presence.
U.S. companies without much business in the EU will technically be in violation if they don’t comply, because GDPR covers any EU citizen wherever they are. But, practically, Meyer said there will likely be little legal exposure for those US-only firms, since “EU regulators don’t have some huge army.”